A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

Size: px
Start display at page:

Download "A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud"

Transcription

1 A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud

2 A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches, governments, industries and individual organizations are increasingly adopting regulations and standards to handle sensitive information. Complying with these rules and best practices challenges any IT team. Audit processes and the need to prove compliance further complicates matters. As organizations pursue cloud-based services, upholding compliance together with their cloud service provider can raise additional hurdles. Regulations and Standards For healthcare in the US, HIPAA (Health Insurance Portability and Accountability Act) governs handling of sensitive patient information, referred to as Electronic Protected Health Information (ephi). HIPAA regulations apply to medical care providers and health plan administrators, as well as those hosting this information. Similar standards and regulations exist in various geographies around the world. The European Union (EU) has one overarching privacy law, the Data Protection Directive 1995/46/EC. In 2002, the EU adopted the e-privacy Directive 2002/58/ EC, which adds protection for personal data in the field of telecommunications and includes requirements regarding the handling of what HIPAA considers ephi. The Data Protection Directive and e-privacy Directive combined would be considered the HIPAA equivalent for the EU, but is much wider in scope than just the protection of healthrelated information.

3 A Checklist for Compliance in the Cloud 2 Since 2009, when the HIPAA breach notification requirement took effect, millions of people have had their protected health information compromised in privacy and security breaches. The Office for Civil Rights, the HHS division responsible for enforcing HIPAA, has levied more than $74 million in fines, with almost $20 million in 2017 alone, against healthcare organizations responsible for violating the privacy and security rules. u.s. deparatment of health and human services Organizations that store, process or handle credit card information fall under standards established by an independent organization, the Payment Card Industry (PCI). Fines for noncompliance can be significant. PCI DSS is a global standard and applies wherever the industry s services are being used. Also, many organizations are setting up their own internal compliance requirements. Therefore, organizations typically have multiple regulations or frameworks with which they must comply. The range, variety and changing nature of compliance rules may be difficult to understand and interpret for an organization. Relying on cloud-based services may add further complexity and decrease visibility. How do you ensure you are complying when not all resources are on your premises in your physical control? Is the Cloud Right for Stringent Compliance Applications? The cloud offers significant benefits: instant scalability, flexibility, access when and where needed, lowered costs and fewer operational demands on the IT department.

4 A Checklist for Compliance in the Cloud 3 It allows organizations to respond to their present and future needs without up-front lead time and capital investment. They can get and use what they need, when they need it. The organization can focus on their core mission and invest in areas strategic to their business. HIPAA compliance requires a proactive stance on the part of the cloud service provider, they aren t just a passive host or warehouse of data and/or applications. Despite these advantages, many still question whether flexibility and cost savings are worth the risks when faced with a potentially daunting regulatory environment. For example, consider the role the cloud plays in complying with regulations such as HIPAA. Below are a few key requirements of HIPAA that directly impact the cloud service provider as well as the healthcare, medical records, insurance or other medical-related organization. > Physical access to the facility storing the data must be secured and authentication required. > Sensitive data may need to be encrypted throughout, both at rest and during transmission, regardless of the device it is coming from or going to. > Backup, operation in an emergency and disaster recovery must be planned for and documented. > Inactive sessions must be securely disconnected. > The service provider must be thoroughly familiar with the required HIPAA requirements and pass a HIPAA audit. > Throughout, audit controls and documentation are imperative to demonstrate compliance is being met and to identify vulnerabilities.

5 A Checklist for Compliance in the Cloud 4 Evaluating your Cloud Service Provider for Compliance How should you select a partner for your cloud needs? First, identify the regulations and operational requirements that bind you. Typically, your organization must comply with more than one set of regulations or standards. Use of credit and other payment card services in addition to the sensitive health information data necessitate complying with both HIPAA and PCI in the United States. Also, take note of the geographical constraints you have, governing where workloads are allowed to run. Verify that the cloud provider will maintain data sovereignty and not move your workloads. Second, identify service providers that meet the criteria listed above. Look at analyst reports, websites for customer stories of organizations like yours, referrals from your application or network platform providers. Approach it as a search for a long-term partnership, not just a series of transactions. Third, come to those prospective cloud service providers with a checklist to ensure all your questions are answered. Expect a conversation not an exchange. You will be entrusting sensitive data of your customers and risking the reputation of your organization. Often, the greatest costs of a breach are not the HIPAA violation fines imposed but the negative publicity and loss of patient or customer faith.

6 A Checklist for Compliance in the Cloud 5 A Checklist for Evaluating Cloud Service Providers Assemble your checklist. Meet with one of the cloud provider s compliance officers. Arrange a walk-through of their facilities and compliance-related processes. Some considerations you might include in your checklist: Qualities of the Cloud Service Provider Commits to adhering to the applicable compliance regulations and standards. Upholds standards in accordance with HIPAA, ITIL, HITECH, etc. Conducts constant risk assessment of their cloud infrastructure to ensure it meets SSAE16 and HIPAA requirements and protected from other vulnerabilities. Willing to sign Business Associates Agreement (BAA). Contract incorporates language covering applicable BA obligations. Documents and fulfills security incident response, emergency mode operations, and disaster recovery plans. Compliance Technologies in Place Software or services to identify and alert on compliance gaps in your configuration. Scanning software running on the platform, ensuring it remains compliant and secure. Physical safeguards and authentication methods used at data centers and facilities. Reporting Capabilities Available Reporting on-demand without undue bureaucracy or lead time. Required audit documentation and support for your audit process. Reporting of incidents and vulnerabilities so they can be rapidly addressed.

7 A Checklist for Compliance in the Cloud 6 Compliance-Oriented Customer Support Service provider s compliance professionals are available to meet with your team. Service provider s staff have applicable certifications. Procedures aligned with regulatory requirements, including final disposal of sensitive data. If needed, service provider compliance professionals can discuss compliance and security procedures directly with auditors. Fulfilling Your Compliant Cloud Plan Finally, develop comfort with your cloud provider through your roll out plan. Work with your cloud partner to decide how best to configure your workloads to ensure compliance. Take it a step at a time, possibly starting with the least sensitive workloads or just net new virtual machines. Or, maybe you have some less compliance-critical systems. Work to get those in, and see how well the compliance framework of your chosen cloud is working for you. With the experience and expertise of your cloud partner, you ll gain confidence to move more of your footprint into the cloud. Realizing the Benefits of a Compliant Cloud Getting the flexibility and benefits of the cloud, as well as the compliance you need, takes consideration and planning. Don t settle. From the beginning, ensure your cloud service provider has your compliance and audit needs in mind. You want a provider who puts you first and wants you to benefit from the cloud. Find a provider that will keep your organization in compliance and protect you and your customers sensitive data. Make sure they have the experience, skills, staff and processes to deliver on your specific compliance needs.

8 A Checklist for Compliance in the Cloud 7 Discover the iland difference With over 20 years of experience supporting customers and their critical workloads, iland has a keen understanding of the space and the requirements and regulations that cloud customers are held to. In response, iland has developed specific compliance offerings for a wide range of industry regulations. Our team of certified, inhouse compliance professionals consult with customers and provide assistance when interpreting reports and using report data to help them meet their requirements. Scheduled a consultation with one of our compliance experts today. Not quite ready to talk? That s OK. Take a look at a few of our other compliance-related materials first. > Ensuring a Compliance Cloud That s Audit Ready > Compliance Data Sheet

9 A Checklist for Compliance in the Cloud Contact (44) (0) (31) (0) (65) (61) (0) About iland iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS). They are recognized by industry analysts as a leader in disaster recovery. The award-winning iland Secure Cloud Console natively combines deep layered security, predictive analytics, and compliance to deliver unmatched visibility and ease of management for all of iland s cloud services. Headquartered in Houston, Texas and London, UK, iland delivers cloud services from its data centers throughout the Americas, Europe, Australia and Asia. Learn more at iland.com iland. All rights reserved.

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements

More information

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. June 2017 Melanie Duerr Fazzi Associates Partner, Director of Coding Operations Jami Fisher Fazzi Associates Chief Information

More information

The simplified guide to. HIPAA compliance

The simplified guide to. HIPAA compliance The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act

More information

Putting It All Together:

Putting It All Together: Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,

More information

All Aboard the HIPAA Omnibus An Auditor s Perspective

All Aboard the HIPAA Omnibus An Auditor s Perspective All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes

More information

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE Table of Contents Dedicated Geo-Redundant Data Center Infrastructure 02 SSAE 16 / SAS 70 and SOC2 Audits 03 Logical Access Security 03 Dedicated

More information

TRACKVIA SECURITY OVERVIEW

TRACKVIA SECURITY OVERVIEW TRACKVIA SECURITY OVERVIEW TrackVia s customers rely on our service for many mission-critical applications, as well as for applications that have various compliance and regulatory obligations. At all times

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

Cloud & Managed Server Hosting for Healthcare Professionals

Cloud & Managed Server Hosting for Healthcare Professionals Cloud & Managed Server Hosting for Healthcare Professionals HIPAA AICPA SOC aicpa.org/soc4so SOC for Service Organizations Service Organizations Cloud & Managed Server Hosting for Healthcare Professionals

More information

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds EXECUTIVE BRIEF SHAREBASE BY HYLAND Automate sharing. Empower users. Retain control. With ShareBase by Hyland, empower users with enterprise file sync and share (EFSS) technology and retain control over

More information

Google Cloud & the General Data Protection Regulation (GDPR)

Google Cloud & the General Data Protection Regulation (GDPR) Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

HIPAA Privacy, Security and Breach Notification

HIPAA Privacy, Security and Breach Notification HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance

More information

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely

More information

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their

More information

TRUE SECURITY-AS-A-SERVICE

TRUE SECURITY-AS-A-SERVICE TRUE SECURITY-AS-A-SERVICE To effectively defend against today s cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure.

More information

Cloud Communications for Healthcare

Cloud Communications for Healthcare Cloud Communications for Healthcare Today, many powerful business communication challenges face everyone in the healthcare chain including clinics, hospitals, insurance providers and any other organization

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

Finding and Securing ephi in SharePoint and SharePoint Online

Finding and Securing ephi in SharePoint and SharePoint Online Finding and Securing ephi in SharePoint and SharePoint Online Executive Summary The healthcare industry and related verticals such as insurance are under pressure to share information and collaborate in

More information

What is HIPPA/PCI? Understanding HIPAA. Understanding PCI DSS

What is HIPPA/PCI? Understanding HIPAA. Understanding PCI DSS What is HIPPA/PCI? In this digital era, where every bit of information pertaining to individuals has gone digital and is stored in digital form somewhere or the other, there is a need protect the individuals

More information

Secure HIPAA Compliant Cloud Computing

Secure HIPAA Compliant Cloud Computing Business White Paper Secure HIPAA Compliant Cloud Computing Step-by-step guide for achieving HIPAA compliance and safeguarding your PHI in a cloud computing environment ClearDATA Customer Success Story

More information

GDPR Update and ENISA guidelines

GDPR Update and ENISA guidelines GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure

More information

The ABCs of HIPAA Security

The ABCs of HIPAA Security The ABCs of HIPAA Security Daniel F. Shay, Esq 24 th Annual Health Law Institute Pennsylvania Bar Institute March 13, 2018 c. 2018 Alice G. Gosfield and Associates PC 1 Daniel F. Shay, Esq. Alice G. Gosfield

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017

More information

IT your way - Hybrid IT FAQs

IT your way - Hybrid IT FAQs Hybrid IT IT your way - Hybrid IT FAQs Create a strategy that integrates in-house and outsourced IT services to meet ever-changing business requirements. Combine on-premise and off premise solutions Mix

More information

Compliance with CloudCheckr

Compliance with CloudCheckr DATASHEET Compliance with CloudCheckr Introduction Security in the cloud is about more than just monitoring and alerts. To be truly secure in this ephemeral landscape, organizations must take an active

More information

HITRUST Common Security Framework - Are you prepared?

HITRUST Common Security Framework - Are you prepared? ALLINIAL HITRUST Common Security Framework - Are you prepared? Michael Kanarellis, HITRUST CCSFP May 17, 2017 MEMBER OF PKF ALLINIAL NORTH GLOBAL, AMERICA, AN ASSOCIATION AN OF LEGALLY OF LEGALLY INDEPENDENT

More information

CONSIDERATIONS BEFORE MOVING TO THE CLOUD

CONSIDERATIONS BEFORE MOVING TO THE CLOUD CONSIDERATIONS BEFORE MOVING TO THE CLOUD What Management Needs to Know Part I By Debbie C. Sasso Principal When talking technology today, it s very rare that the word Cloud doesn t come up. The benefits

More information

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements

More information

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing

More information

Custom cloud hosting for your Sitecore Experience Platform.

Custom cloud hosting for your Sitecore Experience Platform. Custom cloud hosting for your Sitecore Experience Platform. www.opusinteractive.com We ve got a 15 year history of working with Opus Interactive. Their commitment to customized, high performance hosting

More information

Village Software. Security Assessment Report

Village Software. Security Assessment Report Village Software Security Assessment Report Version 1.0 January 25, 2019 Prepared by Manuel Acevedo Helpful Village Security Assessment Report! 1 of! 11 Version 1.0 Table of Contents Executive Summary

More information

CLOUD COMPUTING READINESS CHECKLIST

CLOUD COMPUTING READINESS CHECKLIST CLOUD COMPUTING READINESS DAVE WILLIS STEPHEN GOLDSMITH SUBJECT MATTER EXPERTS, CLOUD COMPUTING DENOVO DAVE WILLIS STEPHEN GOLDSMITH SUBJECT MATTER EXPERTS, CLOUD COMPUTING DENOVO 1 CONTENTS INTRODUCTION

More information

HIPAA Compliance Checklist

HIPAA Compliance Checklist HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.

More information

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Policy and Procedure: SDM Guidance for HIPAA Business Associates Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:

More information

Healthcare in the Public Cloud DIY vs. Managed Services

Healthcare in the Public Cloud DIY vs. Managed Services Business White Paper Healthcare in the Public Cloud DIY vs. Managed Services Page 2 of 9 Healthcare in the Public Cloud DIY vs. Managed Services Table of Contents Page 2 Healthcare Cloud Migration Page

More information

DeMystifying Data Breaches and Information Security Compliance

DeMystifying Data Breaches and Information Security Compliance May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

HIPAA COMPLIANCE AND DATA PROTECTION Page 1 HIPAA COMPLIANCE AND DATA PROTECTION info@resultstechnology.com 877.435.8877 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and RESULTS Cloud

More information

01.0 Policy Responsibilities and Oversight

01.0 Policy Responsibilities and Oversight Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities

More information

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations

More information

VMware vcloud Air Network Service Providers Ensure Smooth Cloud Deployment

VMware vcloud Air Network Service Providers Ensure Smooth Cloud Deployment VMware vcloud Air Network Service Providers Ensure Smooth Cloud Deployment RELIABLE, FAMILIAR INFRASTRUCTURE BACKED BY VMWARE AND DELIVERED THROUGH PARTNERS HELPS OPTIMIZE CLOUD INVESTMENTS AS ENTERPRISES

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

Avanade s Approach to Client Data Protection

Avanade s Approach to Client Data Protection White Paper Avanade s Approach to Client Data Protection White Paper The Threat Landscape Businesses today face many risks and emerging threats to their IT systems and data. To achieve sustainable success

More information

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,

More information

Three Key Challenges Facing ISPs and Their Enterprise Clients

Three Key Challenges Facing ISPs and Their Enterprise Clients Three Key Challenges Facing ISPs and Their Enterprise Clients GRC, enterprise services, and ever-evolving hybrid infrastructures are all dynamic and significant challenges to the ISP s enterprise clients.

More information

Magento GDPR Frequently Asked Questions

Magento GDPR Frequently Asked Questions Magento GDPR Frequently Asked Questions Whom does GDPR impact? Does this only impact European Union (EU) based companies? The new regulation provides rules that govern how companies may collect and handle

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is

More information

Accelerate GDPR compliance with the Microsoft Cloud

Accelerate GDPR compliance with the Microsoft Cloud Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with

More information

MultiPlan Selects CyrusOne for Exceptional Colocation and Flexible Solutions

MultiPlan Selects CyrusOne for Exceptional Colocation and Flexible Solutions CASE STUDY MultiPlan Selects CyrusOne for Exceptional Scalable, secure and reliable data center solution keeps healthcare company operating seamlessly MultiPlan Inc., the industry s most comprehensive

More information

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017 HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting

More information

How to Ensure Continuous Compliance?

How to Ensure Continuous Compliance? How to Ensure Continuous Compliance? Episode I: HIPAA Compliance 101 Speaker: Danny Murphy Sr. Sales Engineer, Netwrix Corporation Danny.Murphy@netwrix.com +44 (0) 203 588 3023 ext 2202 Agenda Compliance

More information

Cloud Brief. Understanding Compliance in the Cloud. Introduction PCI DSS THE CLOUD STRATEGY COMPANY TM

Cloud Brief. Understanding Compliance in the Cloud. Introduction PCI DSS THE CLOUD STRATEGY COMPANY TM Understanding Compliance in the Cloud Key considerations for ensuring PCI DSS, HIPAA/HITECH, ITAR and FFIEC compliance with cloud partners. Introduction Increasing adoption of the cloud enables IT organizations

More information

Keys to a more secure data environment

Keys to a more secure data environment Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting

More information

Getting ready for GDPR

Getting ready for GDPR Getting ready for GDPR Cybersecurity for Data Protection Brought to you by: What is GDPR? The (GDPR) is the European Union s response to the increasing privacy demands of the European society. The primary

More information

Data Security: Public Contracts and the Cloud

Data Security: Public Contracts and the Cloud Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?

More information

HIPAA 101: What All Doctors NEED To Know

HIPAA 101: What All Doctors NEED To Know HIPAA 101: What All Doctors NEED To Know 1 HIPAA Basics HIPAA: Health Insurance and Portability Accountability Act of 1996 Purpose: to protect confidential information through improved security and privacy

More information

Choosing the Right Solution for Strategic Deployment of Encryption

Choosing the Right Solution for Strategic Deployment of  Encryption Choosing the Right Solution for Strategic Deployment of Email Encryption White Paper: Enterprise Email Encryption Email Protection Buyer s Guide Choosing the Right Solution for Strategic Deployment of

More information

The HIPAA Omnibus Rule

The HIPAA Omnibus Rule The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed

More information

Healthcare Privacy and Security:

Healthcare Privacy and Security: Healthcare Privacy and Security: Breach prevention and mitigation/ Insuring for breach Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com www.securityprivacyandthelaw.com Boston Bar Association

More information

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HEALTHCARE ORGANIZATIONS ARE UNDER INTENSE SCRUTINY BY THE US FEDERAL GOVERNMENT TO ENSURE PATIENT DATA IS PROTECTED Within

More information

Support for the HIPAA Security Rule

Support for the HIPAA Security Rule white paper Support for the HIPAA Security Rule PowerScribe 360 Reporting v1.1 healthcare 2 Summary This white paper is intended to assist Nuance customers who are evaluating the security aspects of PowerScribe

More information

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice PREPARING FOR SOC CHANGES AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice On May 1, 2017, SSAE 18 went into effect and superseded SSAE 16. The following information is here

More information

HIPAA Compliance and Auditing in the Public Cloud

HIPAA Compliance and Auditing in the Public Cloud HIPAA Compliance and Auditing in the Public Cloud This paper outlines what HIPAA compliance includes in the cloud era. It aims to help enterprise IT leaders interested in becoming more familiar with the

More information

Data Backup and Contingency Planning Procedure

Data Backup and Contingency Planning Procedure HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage

More information

WHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help

WHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help WHITE PAPER The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help ii Contents Personal Data Defined... 1 Why the GDPR Is Such a Big Deal... 2 Are You Ready?...

More information

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

How icims Supports. Your Readiness for the European Union General Data Protection Regulation How icims Supports Your Readiness for the European Union General Data Protection Regulation The GDPR is the EU s next generation of data protection law. Aiming to strengthen the security and protection

More information

2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification

2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification 2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification Presenters Jared Hamilton CISSP CCSK, CCSFP, MCSE:S Healthcare Cybersecurity Leader, Crowe Horwath Erika Del Giudice CISA, CRISC,

More information

GDPR Compliance. Clauses

GDPR Compliance. Clauses 1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The

More information

Run the business. Not the risks.

Run the business. Not the risks. Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.

More information

Symantec Security Monitoring Services

Symantec Security Monitoring Services 24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts

More information

Modern Database Architectures Demand Modern Data Security Measures

Modern Database Architectures Demand Modern Data Security Measures Forrester Opportunity Snapshot: A Custom Study Commissioned By Imperva January 2018 Modern Database Architectures Demand Modern Data Security Measures GET STARTED Introduction The fast-paced, ever-changing

More information

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation

More information

NYDFS Cybersecurity Regulations

NYDFS Cybersecurity Regulations SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy

More information

case study Business Profile The Challenge Company... emix Size... SMB Industry... Healthcare Cloud Application... Production Location...

case study Business Profile The Challenge Company... emix Size... SMB Industry... Healthcare Cloud Application... Production Location... As the healthcare industry continues to make strides in its adoption of new technologies, San Diego-based emix is at the forefront of the revolution. Using iland s cloud platform the company is keeping

More information

Twilio cloud communications SECURITY

Twilio cloud communications SECURITY WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and

More information

COBIT 5 With COSO 2013

COBIT 5 With COSO 2013 Integrating COBIT 5 With COSO 2013 Stephen Head Senior Manager, IT Risk Advisory Services 1 Our Time This Evening Importance of Governance COBIT 5 Overview COSO Overview Mapping These Frameworks Stakeholder

More information

Protecting your data. EY s approach to data privacy and information security

Protecting your data. EY s approach to data privacy and information security Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share

More information

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling

More information

Clearwater HIPAA Security Assessment Software. Demonstration

Clearwater HIPAA Security Assessment Software. Demonstration Clearwater HIPAA Security Assessment Software Demonstration Bob Chaput 615-656-4299 or 800-704-3394 bob.chaput@clearwatercompliance.com Clearwater Compliance LLC 1 About HIPAA-HITECH Compliance 1. We are

More information

2016 Survey: A Pulse on Mobility in Healthcare

2016 Survey: A Pulse on Mobility in Healthcare 2016 Survey: A Pulse on Mobility in Healthcare Introduction Mobile Trends in Healthcare Mobility in Healthcare Top Motivation for Implementing a Mobile Solution Impact of Mobility on Patient Experience

More information

Accelerating the HCLS Industry Through Cloud Computing

Accelerating the HCLS Industry Through Cloud Computing Accelerating the HCLS Industry Through Cloud Computing Use cloud computing to accelerate life sciences and healthcare specific workloads, and meet the unique computation, storage, security, and compliance

More information

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template RFP/RFI Questions for Managed Security Services Sample MSSP RFP Template Table of Contents Request for Proposal Template Overview 1 Introduction... 1 How to Use this Document... 1 Suggested RFP Outline

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions

More information

Choosing a Secure Cloud Service Provider

Choosing a Secure Cloud Service Provider Choosing a Secure Cloud Service Provider Dr. Ricci IEONG, CISSP, CISA, CISM, CCSK, CCSP, CEH,GPEN, GIAC Advisory Board, ISSAP, ISSMP, F.ISFS Vice President Professional Development Cloud Security Alliance

More information

Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act

Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act Are your authentication, access, and audit paradigms up to date? Table of Contents Synopsis...1

More information

Business Continuity Management Standards A Side-by-Side Comparison

Business Continuity Management Standards A Side-by-Side Comparison Business Continuity Standards A Side-by-Side Comparison By Brian Zawada (CBCP) & Jared Schwartz (CBCP) Whether your organization has begun a grassroots initiative to develop a business continuity plan

More information

Create the ideal conditions for your network to grow.

Create the ideal conditions for your network to grow. Create the ideal conditions for your network to grow. Create the ideal conditions for your network to grow. SBC PremierSERV SM Network Integration and Managed Services. Flexible, end-to-end solutions

More information

HIPAA RISK ADVISOR SAMPLE REPORT

HIPAA RISK ADVISOR SAMPLE REPORT HIPAA RISK ADVISOR SAMPLE REPORT HIPAA Security Analysis Report The most tangible part of any annual security risk assessment is the final report of findings and recommendations. It s important to have

More information

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Breach New Heights The role of ITAM in preventing a data breach Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Agenda Why Breaches Matter to the ITAM group The cost

More information

Introduction to AWS GoldBase

Introduction to AWS GoldBase Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document

More information

HITRUST ON THE CLOUD. Navigating Healthcare Compliance

HITRUST ON THE CLOUD. Navigating Healthcare Compliance HITRUST ON THE CLOUD Navigating Healthcare Compliance As the demand for digital health solutions increases, the IT regulatory landscape continues to evolve. Staying ahead of new cybersecurity rules and

More information

Layer Security White Paper

Layer Security White Paper Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY

More information

HIPAA Regulatory Compliance

HIPAA Regulatory Compliance Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health

More information

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization

More information

Is Your Compliance Strategy Putting Your Business at Risk?

Is Your Compliance Strategy Putting Your Business at Risk? Is Your Compliance Strategy Putting Your Business at Risk? January 20, 2015 2015 NASDAQ-LISTED: EGHT Today s Speakers Michael McAlpen Exec. Dir. of Security & Compliance, 8x8, Inc. David Leach Business

More information

efolder White Paper: HIPAA Compliance

efolder White Paper: HIPAA Compliance efolder White Paper: HIPAA Compliance November 2015 Copyright 2015, efolder, Inc. Abstract This paper outlines how companies can use certain efolder services to facilitate HIPAA and HITECH compliance within

More information